Change invite link to https instead of http

Hello there. I've been getting more and more users onto Retool recently and have an annoying problem with the invite links. We're running an on-premise instance and our Outlook users have their links wrapped in some microsoft-security stuff "safelinks.protection.outlook.com..." I'll work with my IT team on that one.

The backup copy-paste link at the bottom has an insecure "http" url and fails in Chrome. Shouldn't that be "https" in this day and age?
image

Hi @mikec!

From your link there, it looks like you are using the self-hosted version of Retool- is that correct?

If that is case, the URL used in invitations is populated by the BASE_URL environment variable. Can you check whether it is defined as HTTP there?

Hi @alex-w . Yes this is a self-hosted version of Retool. Updated BASE_DOMAIN and BASE_URL to secure versions but when testing, we are still getting non-secure links in the invite emails. On version 2.89.11. Any other ideas?

@ben was able to sync on this separately, in this case the issue ended up being the COOKIE_INSECURE environment variable being set to true, which is used when hosting retool on a non HTTPS domain or a raw IP address

COOKIE_INSECURE: Sends auth requests with insecure cookies — set to true if hosting Retool on a non-HTTPS URL or raw IP address. This is typically used if you haven’t deployed Retool on a custom domain yet.

Thanks @alex-w. All good here. Appreciate you following up.